summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorConor Ward <conor.ward@ericsson.com>2018-09-21 12:15:57 +0000
committerConor Ward <conor.ward@ericsson.com>2018-09-21 12:15:57 +0000
commit32a143ffae69b2675e98c1d41be18defe31645b4 (patch)
tree58b6ea7bedc00ca790a6a1cf231681f7d7affdfe
parent46ef61c0fe477483be17dbf9af2ef3b1023da0d8 (diff)
Fix NodeServlet Vulnerabilities
Change-Id: I7257eb3f65b76888098d85e4a7cad7f97f754570 Signed-off-by: Conor Ward <conor.ward@ericsson.com> Issue-ID: DMAAP-775
-rw-r--r--datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java23
1 files changed, 8 insertions, 15 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index b54068b5..51e59925 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -137,15 +137,16 @@ public class NodeServlet extends HttpServlet {
/**
* Handle all PUT requests
*/
- protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doPut");
eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
getIdFromPath(req) + "");
try {
common(req, resp, true);
- }
- catch(IOException ioe){
+ } catch(IOException ioe){
logger.error("IOException" + ioe.getMessage());
+ } catch(ServletException se){
+ logger.error("ServletException" + se.getMessage());
}
}
@@ -158,9 +159,10 @@ public class NodeServlet extends HttpServlet {
getIdFromPath(req) + "");
try {
common(req, resp, false);
- }
- catch(IOException ioe){
+ } catch(IOException ioe){
logger.error("IOException" + ioe.getMessage());
+ } catch(ServletException se){
+ logger.error("ServletException" + se.getMessage());
}
}
@@ -277,9 +279,8 @@ public class NodeServlet extends HttpServlet {
File data = new File(fbase);
File meta = new File(fbase + ".M");
OutputStream dos = null;
- Writer mw = null;
InputStream is = null;
- try {
+ try (Writer mw = new FileWriter(meta)){
StringBuffer mx = new StringBuffer();
mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
Enumeration hnames = req.getHeaderNames();
@@ -353,12 +354,10 @@ public class NodeServlet extends HttpServlet {
}
String dbase = di.getSpool() + "/" + pubid;
Files.createLink(Paths.get(dbase), dpath);
- mw = new FileWriter(meta);
mw.write(metadata);
if (di.getSubId() == null) {
mw.write("X-ATT-DR-ROUTING\t" + t.getRouting() + "\n");
}
- mw.close();
meta.renameTo(new File(dbase + ".M"));
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
@@ -383,12 +382,6 @@ public class NodeServlet extends HttpServlet {
} catch (Exception e) {
}
}
- if (mw != null) {
- try {
- mw.close();
- } catch (Exception e) {
- }
- }
try {
data.delete();
} catch (Exception e) {